Policies - IT

bet365 apps

Acceptable Use Policy [AUP]

 

Scope

This policy applies to all users of university technology resources including but not limited to faculty, staff, students, guests, alumni, and third-party users of bet365 apps information technology resources, irrespective of whether those resources are accessed from on-campus or off-campus locations.

This AUP ensures that use of the university’s resources supports its educational, research, public service, and administrative missions in the best possible way. Effective support of the university’s mission requires complying with relevant legal, contractual, professional, and policy obligations whenever information technology resources are used. Effective support also means that individuals do not interfere with the appropriate use of information technology resources by others.

This policy broadly covers all of the university’s information technology resources – hardware, software, and content; this includes but is not limited to electronic networks, systems, computers, devices, telephones, software, data, files, and all content residing in any of these (referred to as “IT resources”). This policy applies to all digital records of the university and to the information in those records, regardless of the location.

Wireless and Wired Network Access

The use of information technology resources is restricted to the university’s educational and business purpose. Eligible users are provided network authentication credentials to support their business role and educational purpose.

Neither individuals nor units nor departments are permitted to independently deploy network devices that extend the university network, or that secure or isolate parts of the university network, except as approved by RWU IT or as outlined under the provisions of this policy.

Appropriate Email Use

A bet365 apps-assigned email account is an official means of communication between all users and the university. All communications transmitted via email will be consistent with RWU’s administrative policies. Sensitive university and personal information will not be sent via email unless specific steps are taken to confirm that the transmission is secure.

All RWU email users are responsible for information sent from their university-assigned or shared account. Unawareness of officially sent email will not be accepted as a reason for failure to respond to or comply with any information contained within the message. Email quotas are enforced and therefore regular email management is required to minimize the possibility of delivery failures. Undeliverable messages caused by a full inbox or use of a filter will be considered delivered without further action required on the part of the university.

Confidentiality of Data

Users are responsible for ensuring that security-sensitive information [SSI] is processed consistent with university’s Written Information Security Policy (WISP), and state and federal laws. Users of university data that contains SSI must not:

  • Disclose data to others except as required by their job responsibilities.
  • Use data for their own or others’ personal gain or profit.
  • Access data to satisfy personal curiosity.

Reports for official or external distribution must be authorized by the responsible office.

Monitoring and Privacy

As a matter of routine system maintenance and compliance, the university may store electronic communications for a period of time. With reasonable and justifiable cause, the university reserves the right to inspect and examine any university-owned or operated communications system, electronic resource, and/or files without prior notice. No inspection or examination of files or information contained therein will be conducted in violation of applicable privacy laws or regulations.

Although the university seeks to create an atmosphere of privacy with respect to information and information technology resources, users should be aware that the use of the university's information resources cannot be completely private.

Bandwidth and Resource Usage

The university continuously monitors technology resources to ensure availability and optimal performance. The university’s management will address issues of excessive use and will work with users and relevant administrators to identify, assess, and address issues of excessive use. Bandwidth usage is prioritized based upon network needs that directly serve the university mission, that avoid or eliminate service degradation, and that enables the most effective overall use of technology resources.

Personal Usage

Minimal or incidental employee personal use that is not part of a legitimate university business function is permitted when it is:

  • Not excessive
  • Does not result in any measurable costs
  • Does not interfere with normal business activities 

Personal use must comply with all applicable university policies. Personal use must not violate the law, interfere with the fulfillment of an employee’s university responsibilities, or adversely impact or conflict with activities supporting the mission of the university.

Circumvention of Security Controls

Users must not run, operate, or otherwise configure software or hardware to intentionally spy or allow access by unauthorized users. Users are prohibited from attempting to circumvent or subvert any IT systems, personal privacy space, or physical security measures.

For university-owned assets, the removal or disabling of endpoint device management software without prior approval of RWU-IT is considered a breach of this policy.

Software Installation

Information Technology installs software and updates to RWU-owned devices. Removing or disabling any RWU installed software without prior approval of IT is considered a breach of this policy.

Users who choose to operate and manage software not licensed by the university are responsible for the associated licensing, installation, updates, and security in accordance with this policy.

Software that reaches the end of support life is, by default, not permitted to connect to the university network because security patches are no longer provided by the vendor. If a special exemption is required, this must be requested formally via RWU’s MediaTech Helpdesk [mediatech@rwu.edu].

Enforcement

Sanctions for violations of this policy may include the loss of computing privileges and/or other consequences pursuant to the existing student or employee disciplinary procedures of bet365 apps. Illegal acts involving RWU computing resources may also subject users to law enforcement referral and/or prosecution by local, state, and/or federal authorities.

Policy Governance

University management will periodically review this AUP to ensure business requirements and user needs are being met and reserve the right to amend this policy as needed.

Applicability of RWU Policies

This AUP constitutes a living document and intended to work in conjunction with other university policies and procedures – included but not limited to: Written Information Security Plan; Copyright, Legal and Privacy Statement; Electronic Communications Policy; VPN Policy; Wireless Airspace Policy.

 

APPROVED AND ADOPTED:

Ioannis Miaoulis, President

Dated:

Recommended for Adoption:

( X )  President’s Cabinet (date)

(   ) Office of General Counsel (date)

Standard Number: IT.AUP.V2

Category: IT Acceptable Use Policy

Owner: Information Technology

Effective: TBD

Revision History: 8/18/2021 Security Advisory Group

Review Date: 8/19/2021

bet365 apps

Account & Password Management

 

Terminated Employees

The Human Resources (HR) department of the university notifies the Information Technology (IT) department of employee termination. Once the IT department has been notified, the terminated employee’s Active Directory Federation Services (ADFS) account and Office 365 account will be disabled within 24 business hours and no more access will be granted to the employee, unless otherwise directed by HR.

Colleague

Colleague is the ERP system for the university. Access is limited to select employees depending upon their role at the university. Just as overall access is granted to an employee from their starting date to their termination date, an employee’s ability to use Colleague is the same. Once IT is notified of either termination or movement, the employee’s Colleague access is disabled within 24 business hours. IT conducts audit reports annually or biannually to ensure only individuals with particular roles are granted access that they need.

Multifactor Authentication

bet365 apps currently requires multifactor email and VPN authentication. Authentication for faculty and staff.

Password Management

bet365 apps requires complex passwords for network and system access. These requirements include:

  • Passwords must not contain the user's entire account name or entire display name (full name).
  • Password must be changed every 180 days and cannot be the same password used for the past three times.
  • Must be at least 8 characters long and include three of the following four categories:
    • Uppercase characters of European languages (A through Z, with diacritic marks, Greek and Cyrillic characters)
    • Lowercase characters of European languages (A through Z, sharp-s, with diacritic marks, Greek and Cyrillic characters)
    • Numbers (0 through 9)
    • Nonalphanumeric characters: ~!@#$%^&*_-+=`|\(){}[]:;"'<>,.?/

APPROVED BY: RWU-IT, 8/19/2021 
Standard Number: IT.APM.V1 

Category: IT Account and Password 

Management Owner: Information Technology Effective: 8/30/2021 

Revision History: 8/19/2021 Security 

Advisory Group Review Date: 8/19/2021

bet365 apps

Bring Your Own Device [BYOD] Policy

 

Scope

This policy is intended to address users of non-university owned IT devices such as smart phones, tablets, and other devices to access and store university information. This is commonly known as ‘bring your own device’ and referred to in the rest of this policy as BYOD.

This BYOD policy defines the acceptable use of mobile devices, specifically the use of these devices on the RWU network and those devices connecting remotely to RWU internal and cloud-based resources. RWU reserves the right to revoke the privilege of using personally owned devices if a user does not follow this policy. The primary provisions of this policy are as follows:

  • Connecting a personal device to the university’s O365 applications requires installation of mobile access management application on the device.
  • Employees must obtain support directly from the vendor for their personal device, if required.
  • The device must be used in the manner intended by the manufacturer; it cannot have been inappropriately unlocked or hacked.
  • Personal devices must be protected with a pin or password access control, and locked screen enabled when inactive.
  • The employee is responsible for keeping their device up to date with vendor-approved operating systems and antivirus software.
  • The employee will have their device remotely wiped of O365 data if the device is lost, stolen, transferring ownership, has an incurable virus, or has been compromised by a data breach. All employees desiring to use a personal device on the RWU network must have read the RWU Acceptable Use Policy and agree to follow all requirements of that policy when accessing university resources.

 

Standard Number: IT.BYOD.V1

Category: Personal Devices

Owner: Information Technology

Effective: TBD

Revision History: 8/18/2021 Security Advisory Group

Review Date: 12/19/2024

bet365 apps

Change Management Procedure

 

Overview

Change Management is the process of recording, evaluating, approving, planning, and overseeing the implementation of a change in a controlled and efficient manner. A change is an addition, modification, or removal of a service or service component and its associated documentation.

Scope

This document defines the bet365 apps Information Technology (IT) department change management procedure. The change management procedure document should be reviewed by all Roger William University employees who are proposing a technology change relative to technology infrastructure, information security, software, or other technology related services.

Objectives

Roger William University’s objectives for the change management process are:

  • Maintain a single repository for recording all changes.
  • Ensure the process is adopted, adhered to, and escalated if there are compliance issues.
  • Initiate the change management process to provide sufficient lead time for adequate impact analysis.
  • Ensure good controls applied to changes.
  • Communicate changes to IT and affected university constituencies.
  • Streamline the procedures so that there is an appropriate balance between the complexity of the change and the required controls.

Primary Benefits of Change Management

  • Improve customer relations and perception through better communication, less downtime, and higher quality service.
  • Require that all changes are thoroughly tested and that each deployment includes a back-out plan to restore the state of the environment in the event that the deployment fails.
  • Ensure that the configuration management system is updated to reflect the effect of any changes.
  • Decrease time and resources spent ‘fire-fighting’.
  • Reduce frequency of unplanned service interruptions.
  • Create a more stable infrastructure with better understanding of cross‐group relations.
  • Improved risk assessment and mitigation.
  • Establish better understanding of potential user impact.
  • Assure that all proposed changes are evaluated for their benefits and risks, and that all impacts are considered.
  • Prioritize changes so that limited resources are allocated to those changes that produce the greatest benefit based on the business need.

Procedure

This procedure will ensure that changes within the defined scope must go through the change management procedure and must have a completed request for change (RFC) with appropriate approvals. If a change needs to be scheduled outside of a change window, the change’s implementation date/time needs approval from the appropriate parties. Also with each change, the following plans must be accounted for: implementation plan, test, communication, and back-out plans.

Request for Change (RFC) Procedures

A request for change is the first step needed in order to change a current procedure or function that is currently implemented. All formal change control procedures will be documented and all changes will be entered on the IT calendar. If a change needs to be scheduled outside of the proposed window, the change’s implementation date/time needs approval from the appropriate party.

A risk assessment will be performed for every new change that is executed. Each change will also be well-tested and verified prior to implementation.

In order for there to be a change made: First there must be a creation of request, then the change must be reviewed and assessed, planned, tested, proposed, implemented, reviewed and lastly, the entire process must conclude.

Creating a Request for Change

Details that may be found in a change request include:

  • Incidents that necessitate the change.
  • Description of how the change would be implemented.
  • The impact that the change would have on all associated systems.
  • A risk assessment.
  • Contact information for everyone involved in the change.
  • An outline of who will need to approve the request.
  • A backup plan to follow in case the change is not successful.

Reviewing and Assessing a Request for Change

  • Evaluate the request based on its practicality and priority.
  • Determine whether the request is reasonable and give feedback related to the request.
  • Practical requests will be evaluated according to the originator of the request, the impact that making a change would have on the university, the estimated return on any investment made in relation to the request, and the resources that are needed to fulfill the request.

Planning the Change

Plan the change as if it is going to occur. A change plan outlines the course that the change will take, the resources that are needed to complete the change, and a timeline for implementation.

Testing the Change

If a change relates to debugging software or otherwise changing a system, the IT department may need to test the change before it is approved. A small-scale test will demonstrate the procedure to be followed in case the change request is approved. Testing the change also gives IT the opportunity to work out any problems in the procedures that may develop.

Creating a Change Proposal

A change proposal outlines the type of change, the priority associated with a change request, and the outcomes that could occur if the change is not made. The requesting party’s proposal will be given to the person empowered to authorize the change, so it is important that they provide a thorough explanation of why a change needs to be made. For example, a change with a high-priority level may result in outages that will affect customers and result in revenue losses. The people who authorize changes must be aware of the severity of the impact.

Implementing Changes

Implementing a change is not a simple process. The change has to be built during the planning process, and implementation is just one step in the change management process. Once the change has been made, tests must be done to determine whether the desired results have been achieved. If the change is not successful, remediation methods may be used to determine what went wrong and to implement a backup plan to alleviate the issues that necessitated the change request.

Reviewing Change Performance

The post-implementation review is an essential part of the change management process. As an IT professional, it is important to understand whether the change procedures are working as expected. This includes reviewing records to determine whether the change was successful or failed, and recording details about the time and expense of the change to determine the accuracy of estimates that were made before a request was fulfilled. Reviewing change performance gives IT the opportunity to fine-tune the proposed change management process for better results in the future.

Concluding the Process

Make sure that the entire process has been documented in a database that all stakeholders can access. Once this documentation has been made, the process is closed out.

Types of Changes

Changes are categorized into three types based on the required workflow and approval procedure. The types are:

Standard – Pre-approved based on change model

  • Standard changes are changes to a service or to the IT infrastructure where the implementation process and the risks are known upfront. These changes are managed according to policies that the IT organization already has in place. Since these changes are subject to established policies and procedures, they are the easiest to prioritize and implement. They often don’t require approval from a risk management perspective.

Normal - Change that follows normal approval flow

  • Normal changes are those that must go through the change process before being approved and implemented. If they are determined to be high-risk, the Chief Information Officer must decide whether they will be implemented.

Emergency – Immediate incident-related change. May be documented after the fact.

  • Emergency changes arise when an unexpected error or threat occurs, such as when a flaw in the infrastructure related to services needs to be addressed immediately. A security threat is another example of an emergency situation that requires changes to be made immediately.

Scope of Changes

The scope of a change is determined by the range of its potential impact on services. The broader the potential impact on services, the wider the scope. Scope is categorized as follows:

  • University/Campus – One or both campuses (Bristol and Providence).
  • Significant – A school or 2 or more departments.
  • Department – A single department.
  • Minor – Five or less individuals (faculty, staff and/or students).

Maintenance

Change control meetings are held monthly in order to assist all communicating changes. If any changes require migrating data from one server or application to another, data integrity tests will be conducted. Updated documentation will include procedures for any emergency changes as well as any patch management.

 

APPROVED BY: RWU-IT, 4/2/2020

Standard Number: IT.CMP.V2

Category: IT Change Management

Owner: Information Technology

Effective: 4/2/2020

Revision History: 4/2/2020

Security Advisory Group Review Date: 4/2/2020

bet365 apps

Colleague ERP System Access and Security

 

Purpose

The purpose of this policy is to ensure the security, confidentiality, and appropriate use of all associated data which is processed, stored, maintained, or transmitted in conjunction with the university’s enterprise resource planning (“ERP”) system known as Colleague. This includes protection from unauthorized modification, destruction, or disclosure, whether intentional or accidental.

Scope

The Colleague ERP Access and Security Policy applies to all individuals who have access to campus computer systems and networks, including but not limited to all university employees and student-employees, who are, during the normal course of their employment with RWU, granted access to personal information (examples of personal information include a full name, social security number, driver’s license number, email address, date and place of birth, etc.) as defined in the university’s Written Information Security Plan (WISP). It applies not only to stored information but also to the use of the various computer systems and programs used to generate or access data, the computers that run those programs including workstations to which the data has been downloaded, and the monitors and printed documents that display data. Users shall keep all such information contained in Colleague confidential except as required to perform authorized job duties.

Access will be limited to that necessary to perform an individual’s job functions as specifically authorized by an individual’s supervisor, and in the case of undergraduate student-employees, by the divisional Vice President. In addition to the information outlined herein, the confidentiality, use and release of electronic data are further governed by established college/university policies and federal and state laws, including (but not limited to) the following:

  • Federal Education Rights and Privacy Act (FERPA)
  • Rhode Island Identity Theft Protection Act of 2015
  • RWU Student Catalog
  • RWU Student Handbook
  • RWU Student Code of Conduct
  • Information Technology Policies and Procedures, including the Acceptable Use Policy

This policy addresses security and access associated with the Colleague ERP System as defined within this document and does not revise, void, or supersede in any way the duties and obligations of the aforementioned laws, regulations, and policies.

Definitions

Colleague Data: Any data that resides on, is transmitted to, or extracted from any Colleague system, including databases or database tables/views, file systems and directories, and forms.

Colleague Security Administrator: An IT professional position in the Office of Information Technology Services responsible for processing approved requests.

Colleague System: Finance, Financial Aid, Human Resources, Student, and any other interfaces to these systems.

Data Custodians: Data Custodians are responsible for determining who should have access to data within their institutional jurisdiction, and the nature and extent of any authorized access privileges. Responsibilities for implementing security measures may be delegated, though accountability remains with the institutional owner of the data. Additionally, Data Custodians oversee data management functions related to the capture, maintenance, and dissemination of data for a particular operational area.

Areas of Responsibility and corresponding Data Custodians:

Admissions

  • Associate Vice President for Enrollment Management
  • Director of Graduate Admission
  • Assistant Dean of Admission School of Law
  • Director of Admissions and Student Enrollment University College

Student System

  • University Registrar
  • Registrar and Director of Student Finance School of Law

Student Financial Aid

  • Director of Financial Aid

Human Resources System

  • Assistant Vice President of Human Resources

Accounts Receivable & Cash Receipts

  • University Bursar & Registrar and Director of Student Finance School of Law

Finance, Purchasing, Vendors, Payroll

  • Vice President for Accounting and Treasury Management

Advancement, Alumni, Development, Major Prospects & Parents

  • Vice President for Institutional Advancement

Data Users: Data Users are individuals who access Colleague data in order to perform their assigned duties.

Query access: Access enabling the user to view but not update Colleague data.

Maintenance access: Access enabling the user to both view and update Colleague data. This access is limited to users directly responsible for the collection and maintenance of data.

Data Administration

By law and university policy, certain data is confidential and may not be released without proper authorization. Users must adhere to any applicable federal and state laws as well as university policies and procedures concerning storage, retention, use, release, and destruction of data.

All Colleague data, whether maintained in the central database or captured by other data systems, including personal computers, remains the property of RWU and is covered by all university data policies. Access to and use of data should be approved only for legitimate RWU business and/or academic purposes.

Data Custodians are responsible for ensuring a secure office environment in regard to all Colleague data. Division/department heads will review the Colleague data access needs of their staff as it pertains to their job functions before requesting access via the Colleague Access Request Form.

Colleague data (regardless of how collected or maintained) will only be shared among those employees who have and maintain a demonstrated job-related need to access it.

Any system incident, negligence, abuse, breach of security access, misuse, or compromise of data, or attempt to access any administrative computing system outside of the administrative office's area of supervision for any reason will result in the immediate termination of the employee's access authorization and may result in disciplinary sanction.

Access to Colleague Data

Below are the requirements and limitations for all university divisions/departments to follow in obtaining permission for access to Colleague data.

The Data Custodian must request access authorization for each user (active employees, temporary employees, graduate student employees) under their supervision by completing and submitting a Colleague Access Request Form. Each user is required to sign this request to acknowledge their understanding of, and agreement to comply with, the security and access policies of the university. The appropriate Data Custodian(s) will review the request and either approve or deny it. The Data Custodian and user’s supervisor are responsible for assuring that the level of access requested is consistent with each user’s job responsibilities and sufficient for the user to effectively perform their duties. Approved requests will be forwarded to the Colleague Security Administrator for processing. Under no circumstances will access be granted without approval of the appropriate Data Custodian(s).

Student Employee Access to Colleague Data

Information Technology policy states that individuals categorized as active undergraduate students of the college are prohibited from direct logon access to the administrative data systems on the administrative portion of the network. Administrative data systems include the Colleague Enterprise Reporting Planning (ERP), RogerCentral (Ellucian’s Self-service Application), Safety & Security (T2 System), Student Life/Housing (Adirondack), Student Life/Judicial Affairs (Maxient), Library (OCLC), Dining Services (Cbord), Bookstore(Barnes & Noble), Events (25 Live), Card Access (Safe/QuantumSecure), Outlook/O365, etc. These systems (and any new IT supported system in the future) require greater data security and system security controls and protections.

Active graduate student employees who sign a confidentiality / nondisclosure agreement may obtain access to the Colleague ERP system as long as authorization is granted by the division / department head.

The RWU IT Administrative Services Department establishes logon control measures to implement this policy in accordance with other IT policies, such as the RWU Acceptable Use Policy. Other IT departments design and establish positive application logon access control measures implementing this policy complimenting the multi-layer security posture. Exceptions to this policy are authorized on a case-by-case basis, but must be closely monitored by IT and the Division(s) requesting an exception.

RWU employs students as student-employees in many administrative offices; therefore increasing the demand for access to administrative data systems. In order to permit efficient access and to prevent security breaches, such as an employee using their logon for students, the following procedures are authorized as an Exception to this policy:

  • Upon authorization from the relevant divisional Vice President, an RWU Data Custodian who seeks access for the student employee can request an exception of policy from the Information Technology Department by submitting an IT Helpdesk request for each named student employee.
  • Exception will only be granted upon a demonstration by the sponsoring requestor that there exists a critical need for access by the student employee, will be limited to those systems for which access is a job-related necessity, and will be granted only for the period of time that the student actually works in the department's office, and cannot exceed the end of academic term. All access will be promptly deleted at end of term, or sooner at the discretion of the university.
  • Exceptions cannot be transferred to another office if the student-employee transfers. Exceptions cannot cover more than one office; a second request must be submitted if the student works in two or more administrative offices.
  • Summer employment and winter break by RWU students is assumed to be a new academic term for this policy. Note: Students from other colleges, schools, or temporary employees working for the summer will be treated as casual employees, not covered under this policy, and therefore ineligible for such exception-based access.
  • Undergraduate students will sign the standard Colleague Confidentiality Statement prior to access.

All requests approved for a term, or period of time, will automatically end at close of business on the last day of the academic term, and IT will immediately remove student logon access to all administrative data systems.

Any system incident, negligence, abuse, breach of security access, misuse, or compromise of data, or attempt to access any administrative computing system outside of the administrative office's area of supervision for any reason will result in the immediate termination of the student employee's access authorization and may result in disciplinary action.

To request an exception for student access to administrative systems, please contact the MediaTech Helpdesk at mediatech@rwu.edu or 401-254-6363.

Secured Access to Data

Colleague security classifications are established based upon job function. Specific capabilities will be assigned to each security classification. Each user will be assigned a security classification.

Some users may be assigned several classifications depending on specific needs identified by their division/department head and approved by the Data Custodian(s).

The use of generic accounts is prohibited for any use that could contain protected data.

Each functional area has a clearly defined set of Colleague security classifications that is readily available for review and stored in a location that is available to said area, as well as appropriate systems management staff. Each area reviews the definition of their classes at least annually, and at the time of a system upgrade, to guarantee definitions are still appropriate, and that newly delivered forms are assigned to appropriate classes. Each functional area is required to review and sign off on their Colleague security classes each year.

Twice a year, data custodians will receive from an Information Technology department official a printed report of all users who currently have access to some portion of their data along with the roles assigned. Data Custodians are REQUIRED to review this information, sign off, and return this to the Information Technology department official to keep on file. It is the responsibility of the Data Custodian to verify that each user is still employed and has not changed positions within the university.

Changes are typically fairly limited, as the termination protocol should capture these changes immediately. Failure to return this documentation may result in user account terminations.

Employee supervisors in conjunction with the Data Custodians are responsible for ensuring that each Colleague user is familiar with and understands this policy. User accounts are assigned by the Information Technology department to authorized users after the submission of a complete Colleague access application form. Colleague training is provided by each department as needed and required.

Colleague users will not share their access codes with anyone. If it is found that access codes have been shared, any user involved may be subject to disciplinary action.

All Colleague information must be treated as confidential. Public or “directory” information is subject to restriction on an individual basis. Unless your job involves the release of information and you have been trained in that function, any requests for disclosure of information, especially outside the university, should be referred to the appropriate office.

 

Colleague System Access and Security

Policy Revised September 2019

bet365 apps

Computer Replacement Policy

 

Purpose

This policy supports the Information Technology initiative to ensure that computer technology and related equipment are replaced on a designated cycle. Old technology has much higher operational costs and negatively impacts productivity.

Scope

This policy addresses all staff, faculty, administration, and computer lab inventory across all RWU campuses.

Policy

Computer technology is scheduled for replacement as part of July capital planning on a cycle of no fewer than four years for faculty and no fewer than five years for staff, and computer labs. The annual replacement of computers purchased is dependent on funds allocated by the university.

Any full-time employee with a position that requires a computer will be provided one with our standard configuration.

There is a limit of one computer for each employee who requires one. A computer is defined as a desktop, laptop, or notebook. Upon receiving the new computer, IT shall take the old computer from the employee.

Because these assets are the property of the university and not the department, when an employee vacates a position, and the computer is unassigned, it is brought back to Information Technology for cleaning and possible reuse elsewhere.

Departments that determine they need computer equipment outside of the schedule will need to contact the Information Technology department for specification and purchase.

Computer equipment cannot be reallocated to another person without the knowledge of the Information Technology department.

Computer purchases are university assets and are not intended to be the personal property of a faculty or staff member.

Monitors may not be replaced during this cycle if the asset is in working order. Computers purchased with grant or professional development funds, work-study computers, and peripherals such as personal desktop printers and external storage devices are not part of any replacement cycle.

Hardware and software purchased without the knowledge of Information Technology may not be supported.

Computers that are replaced are entered into a loaner pool and will be used when a newer asset needs to be serviced.

Retired assets will not be sold to any university community member or other organizations.

APPROVED BY: RWU-IT, 3/20/2023

Standard Number: IT.CRP.V1 

Category: Owner: Information Technology. 

Effective: 3/20/2023

bet365 apps

Computer Retention Policy for Retiring Faculty

 

Policy Statement

This policy outlines the criteria and procedures governing the acquisition of university-owned computers by retiring faculty members. This policy aims to ensure a fair and transparent process while maintaining the security of university data and resources.

Scope

This policy applies to all retiring faculty members of bet365 apps who wish to retain their university-owned computers upon retirement.

Policy Guidelines

Eligibility

  • Only university-owned computers four (4) years or older are eligible for retention by retiring faculty members (15 years of service minimum).
  • Exceptions to the age criterion may be considered on a case-by-case basis, subject to the approval of the Information Technology department and the Office of Academic Affairs. 

Data Wipe

  • All university-owned computers that meet the eligibility criteria must undergo a thorough data wipe process before being released to retiring faculty members.
  • The IT department shall conduct the data wipe procedure to erase all data and personal information permanently.
  • It is the retiring faculty member's responsibility to ensure that they have backed up any personal files or data they wish to retain before submitting their computer for data wipe.

Retention Requests

  • Retiring faculty members must submit their computer retention requests directly to the university IT department by submitting the following form: 
  • The request should include the retiring faculty member's name, contact information, retirement date, and the asset tag number of the computer (if available).
  • The request should be submitted at least 30 days before the retirement date to allow sufficient data wipe and processing time.

Evaluation and Approval

  • The IT department will evaluate each acquisition request based on the eligibility criteria outlined in Section 1 of this policy.
  • The IT department reserves the right to decline retention requests that do not meet the criteria or compromise the security or integrity of university data and resources.

Release of Computers

  • Upon approval, the IT department will coordinate with the retiring faculty member to schedule the pickup or delivery of the computer.
  • The retiring faculty member will be required to sign a release document confirming the acquisition of the computer and acknowledging their responsibility for any future maintenance or repairs.

Ownership Transfer

  • Once the retiring faculty member has retained the computer, ownership transfers to them and becomes their property.
  • The retiring faculty member must comply with applicable laws and regulations regarding computer equipment use, disposal, or transfer.
  • The retiring faculty member will be responsible for the support and maintenance of the computer once ownership has been transferred.

Review and Revision

The IT department will review this policy periodically to ensure its ongoing relevance and effectiveness. Any necessary revisions will be made with the approval of the relevant authorities.

bet365 apps

Copyright Infringement Policy

 

bet365 apps, including bet365 apps School of Law (“university”), has developed this Copyright Infringement Policy for the university’s computer network to effectively combat the unauthorized distribution of copyrighted materials by users of the university’s network, without unduly interfering with educational and research use of the network.

What is copyright?

Copyright is legal protection of intellectual property, in whatever medium, that is provided for by the laws of the United States to the owners of copyright. Types of works that are covered by copyright laws include, but are not limited to, literary, dramatic, musical, artistic, film, and multi‐media works. Many people understand that printed works, such as books and magazine articles, are covered by copyright laws. However, they are not aware that the protection extends into software, digital works, and unpublished works and it covers all forms of a work, including its digital transmission and use.

What is the current law concerning digital copyright?

The Digital Millennium Copyright Act (“DMCA”), signed into law in 1998, recognizes that digital transmission of works adds complexity to the copyright laws. The DMCA provides non‐profit educational institutions with some protections if individual members of the community violate the law. However, for the university to maintain this protection the university must expeditiously take down or otherwise block access to infringing material, whenever it is brought to the university’s attention and whether or not the individual who is infringing has received notice.

It is important to note that the DMCA contains serious implications with respect to infringing activities of faculty, graduate students, undergraduate students, or staff who are performing teaching or research functions if the university has received more than two notices of infringement against an individual within a three‐year period.

The unauthorized distribution of copyrighted material, including peer‐to‐peer file sharing, may subject an individual to civil and criminal liabilities. Copyright infringement is the act of exercising, without permission or legal authority, one or more of the exclusive rights granted to the copyright owner under section 106 of the Copyright Act (Title 17 of the United States Code). These rights include the right to reproduce or distribute a copyrighted work. In the file‐sharing context, downloading or uploading substantial parts of a copyrighted work without authority constitutes infringement. Penalties for copyright infringement include civil and criminal penalties. In general, anyone found liable for civil copyright infringement may be ordered to pay either actual damages or “statutory” damages affixed at not less than $750 and not more than $30,000 per work infringed. For “willful” infringement, a court may award up to $150,000 per work infringed. A court can, in its discretion, also assess costs and attorneys’ fees. For details, see Title 17, United States Code, Sections 504, 505. Willful copyright infringement can also result in criminal penalties, including imprisonment of up to five years and fines of up to $250,000 per offense. For more information, please see the website of the U.S. Copyright Office at; , especially their FAQ’s at .

Why is it an important issue right now?

Copyright is an issue of particular seriousness because technology makes it easy to copy and transmit protected works over the university’s network. While the university encourages the free flow of ideas and provides resources such as the network to support this activity, the university does so in a manner consistent with all applicable state and federal laws. The university does not condone the illegal or inappropriate use of material that is subject to copyright protection and covered by state and federal laws.

What kinds of activities violate federal law?

Following are some examples of copyright infringement that may be found in a university setting:

  • Downloading and sharing MP3 files of music, videos, and games without permission of the copyright owner;
  • Using corporate logos without permission;
  • Placing an electronic copy of a standardized test on a department's web site without permission of the copyright owner;
  • Enhancing a departmental web site with music that is downloaded and artwork that is scanned from a book without attribution or permission of the copyright owners;
  • Scanning a photograph that has been published and using it without permission or attribution as the background of a web site; • Placing a number of full‐text articles on a course web page that is not password protected, thereby making the web page accessible to anyone who can access the Internet;
  • Downloading licensed software from non‐authorized sites without the permission of the copyright or license holder;
  • Making a movie file or a large segment of a movie available on a website without permission of the copyright owner.

Specifically, is sharing and downloading MP3 files and videos illegal?

It is true that some copyright holders give official permission to download MP3 files and you might be able to find a limited number of videos that are not copyright protected. It is also true that some MP3 files are copyright free and some MP3 files can be legally obtained through subscription services. However, most MP3 and video files that are shared do not fall into any of these categories.

U.S. copyright laws allow you to create MP3s only for the songs to which you already have rights; that usually means you purchased the CD or tape. U.S. copyright laws also allow you to make a copy of a purchased file only for your personal use. Personal use does not mean that you can give a copy to other people or sell a copy of it.

How do you get caught violating copyright law?

Copyright holders represented by organizations such as the Recording Industry Association of America, the Business Software Association, and the Motion Picture Association of America are applying serious efforts to stop the infringing downloads of copyrighted music, movies, and software. The companies or their agents locate possible copyright infringements by using automated systems or "bots" that search the networks looking to see if any of the common music, movie, or software sharing programs are active on a port (e.g. KaZaA, Gnutella). The bot then asks the sharing program if it has a music title by a particular artist. If the sharing program answers positively, the bot reports the particular IP address andtitle to an authority, who then sends out a violation notice to the owner of the IP address. The university's network has a range of IP addresses, and all computers connected to the university’s network have an IP address. When the university receives a violation notice, the university locates the IP address and whenever possible the user of that address. At that point, the university is required to act on the notification.

If the IP address leads to my computer, what happens next?

Violation notices come to the university’s director of Information Technology from organizations that represent the artists and copyright holders. When the university receives such a notice, staff in IT look up the network IP address and stop network services to the port that is connected to the computer where the infringing material resides. At this point, the computer cannot use any university resources or internet resources. Once the identity of the individual is known, the individual is notified that they must remove the infringing material from their computer and inform IT and the Office of Student Conduct and Community Standards if the individual is a bet365 apps student, or the Dean of Students for the School of Law if the individual is a bet365 apps School of Law student, of its removal before network access will be reinstated.

First‐time Notifications:

If this is the first notification that the university has received on an individual, IT will temporarily disable the network port of the offending PC. The offending individual must verify that the infringing material has been removed from the computer and sign a certification document. Once this is done, the network connection will be reinstated, and the computer can return to the network. A report about the violation of copyright will be sent by IT to the Office of Student Conduct and Community Standards if you are a bet365 apps student; the Dean of Students for the School of Law if you are a bet365 apps School of Law student; to your senior administrator and Human Resources if you are staff; and to your department chair and Dean or Provost if you are faculty.

Second Notification Process for Students:

If students are found in violation a second time, their privileges to access the network from their personal computers, either through a wired port or through wireless, will be denied for two weeks. If it is subsequently determined that a student did not violate a copyright, the network connection will be allowed. When second infringements have occurred, the Office of Student Conduct and Community Standards will be notified if the student is a bet365 apps student and the Dean of Students for the School of Law will be notified if the student is a bet365 apps School of Law student. Appropriate action may also be taken within the university's disciplinary process, and a letter of disciplinary action may be entered into the student's record. If the student tries to connect his/her computer to the internet from a university port that is assigned to someone else, through an open port in a classroom, or through the wireless service, further disciplinary action may take place. During this two-week period, students will be allowed to access the internet only from university computers.

Subsequent Notification Process for Students:

If students are found in violation a third time, their privileges to access the network from their personal computers will be denied for a full semester. If it is determined that a student did not violate copyright, the network connection will be allowed. These subsequent infringements also will be reported to the Office of General Counsel, the Office of Student Conduct and Community Standards ifthe student is a bet365 apps student, and the Dean of Students for the School of Law if the student is a bet365 apps School of Law student, and will result in action taken within the university's disciplinary process. If the student tries to connect to the internet from a university port that is assigned to someone else, through an open port in a classroom, or through the wireless service, further disciplinary action may take place. During the period when students cannot connect a personal computer to the network, students will be allowed to access the internet only from university computers. Additional infringements will result in permanent loss of network privileges and/or referral of the student's name to the appropriate authorities for civil or criminal prosecution.

Second Notification Process for Faculty and Staff:

Faculty and staff who are engaged in teaching and research functions are expected to understand and act in accordance with applicable copyright laws. The university is obligated to exercise greater responsibility to address instances of repeated infringement by these individuals. There are potentially serious implications for both the individual and the university if the university receives more than two notices of infringement against an individual within a three‐year period. For this reason, in an instance of a second notification of an individual's infringing activities the university's Office of General Counsel is also notified of the infringement, and a meeting with the relevant administrators will be held to determine the action(s) to be taken.

What are some legal alternatives for downloading or otherwise acquiring copyrighted material?

The internet offers a variety of legal alternatives for downloading or otherwise acquiring copyrighted material, including Amazon, iTunes, and Pandora. The following website contains links to legitimate online services: http://www.educause.edu/legalcontent. The university will, in consultation with its Chief Information Officer or other designated officer, periodically review the legal alternatives for downloading or otherwise acquiring copyrighted material, make available the results of the review to students, and to the extent practicable offer legal alternatives for downloading or otherwise acquiring copyrighted material.

What are the university’s procedures for reviewing the effectiveness of this policy?

The university will periodically review the effectiveness of this policy using relevant assessment criteria. Such criteria shall include an inquiry into whether the university is following best practices, as developed by similarly situated institutions that have devised effective methods to combat the unauthorized distribution of copyrighted material.

bet365 apps

Data Storage Policy

 

Purpose

bet365 apps is committed to protecting its data. Data storage environments including cloud storage are useful in many ways. However, there are inherent risks relative to security, copyright, privacy, and data retention.  Unlike data stored on premises, when documents are saved in cloud storage environments, the university must identify the appropriate administrative and access controls for the stored data. This policy notes best practices and applies to all university employees and affiliates that store the university data classifications outlined in this policy.

Scope

This policy applies to all persons accessing university data on premises and/or using third party services capable of storing or transmitting protected or sensitive electronic data that are owned or leased by bet365 apps, all consultants or agents of the university, and any parties who are contractually bound to handle data produced by and in accordance with university contractual agreements and obligations.

Compliance with Legal and Regulatory Requirements

The university has many federal laws that it must follow, these include the Family Educational Rights and Privacy Act of 1974 (FERPA), and RI General Laws 11-49.3 (Identify Theft Protection Act) and 5-37.3 (Confidentiality of Health Care Communications and Information Act).

Definitions

Data Classifications

Protected Data: Under state law, personally identifiable information means an individual's first name or first initial and last name in combination with any one or more of the following data elements when the name and the data elements are not encrypted or are in hard copy, paper format:

  • Social security number
  • Driver's license number, state identification card number, or tribal identification number
  • Account number, credit, or debit card number, with or without any required security code, access code, password, or personal identification number, that would permit access to an individual's financial account
  • Medical or health insurance information
  • E-mail address with any required security code, access code, security Q&A, or password that would permit access to an individual's personal, medical, insurance, or financial account

Sensitive Data: Data not meant for public distribution but not classified as protected data (i.e. internal policies, internal memos, intranet information)

Public Data: Data meant for public distribution (i.e. external website, public relations materials, etc.)

Storage Classifications

Cloud Storage: Cloud infrastructure provisioned for open use by the general public (i.e. Dropbox, Microsoft OneDrive - Personal, Google Docs - Personal, etc.)

University System on Premise: Private on-premise Infrastructure provisioned for the exclusive use of bet365 apps (i.e. network drives, student information system, finance system, HR system, etc.)

University System Cloud-based: Cloud infrastructure provisioned for the exclusive use of bet365 apps (i.e. RWU Microsoft O365, RWU learning management system, RWU Google, etc.)

Local Storage: Personal or bet365 apps devices not connected to a network-controlled infrastructure (i.e. USB drives, laptops, desktop computers, etc.)

Policy Guidelines: The following guidelines note the permitted and prohibited storage systems for the data classifications outlined in this policy.

Protected Data

  • Cloud Storage: Prohibited
  • University System (On-Premises): Permitted
  • University System (Cloud-based): Permitted with Encryption
  • Local Storage: Prohibited

Sensitive Data

  • Cloud Storage: Prohibited
  • University System (On-Premises): Permitted
  • University System (Cloud-based): Permitted with Encryption
  • Local Storage: Prohibited

Public Data

  • Cloud Storage: Permitted
  • University System (On-Premises): Permitted
  • University System (Cloud-based): Permitted
  • Local Storage: Permitted

All bet365 apps employees and affiliates looking to provision cloud storage services for work-related activities should consult with the Information Technology department before doing so, in order to ensure appropriate data security measures are taken.

Cross Policy References: Records Retention Policy [Retention Schedule], Written Information Security Program [Data Destruction Methods]

Standard Number: DataStoragePolicy.V1

Category: DataStorage

Owner: Information Technology

Effective: TBD

Revision History: 8/18/2021 Security Advisory Group

Review Date: 12/19/2024

bet365 apps

Electronic Communications Policy

 

The university’s electronic communication systems such as voicemail, e‐mail, website, computers, network, and internet access systems, both internal and external, are to be used primarily to advance the university mission of education, research, and public service.

The university recognizes that academic freedom is an essential aspect of the university mission and will interpret and carry out this policy so as to respect that principle. The university will also endeavor to interpret and carry this policy in a manner consistent with its various obligations to employees under existing collective bargaining agreements.

Communications transmitted through these systems should have a legitimate university‐related business purpose. These electronic communications resources may only be used for legal purposes and may not be used in any manner or for any purpose which is illegal, dishonest, disruptive, threatening, damaging to the reputation of the university, inconsistent with the mission of the university, or likely to subject the university to liability. The use of university electronic communications systems or facilities for private or personal commercial purposes is strictly prohibited, including any sort of non‐university related solicitation.

The university acknowledges that occasionally employees, faculty, student‐employees, and other endusers use university electronic communications systems assigned to them for non‐commercial, personal use. Such occasional noncommercial uses are permitted if they are not excessive, do not interfere with the performance of the employee or faculty member’s duties, do not interfere with the efficient operation of the university or its electronic communications resources, and are not otherwise prohibited by this policy or any other university policy or directive.

The university’s existing policies prohibiting harassment apply to the use of all university electronic communications systems. Therefore, the electronic communications systems are not to be used in any way which has the effect of unreasonably interfering with anyone else’s educational or work performance or which creates an intimidating, hostile, or offensive educational or work environment (whether or not based upon race, color, gender, disability, religion, national origin, sexual orientation, or age). Sending unwanted and/or offensive e‐mail messages may constitute harassment if they are persistent enough to create an intimidating or hostile environment. Impermissible harassment also includes making unwelcome sexual advances and requests for sexual favors which might be perceived as explicitly or implicitly affecting educational or employment decisions concerning an individual.

Electronic communications systems also shall not be used to post or send obscene, pornographic, sexually explicit, or offensive material unconnected to an employee’s job responsibilities, academic performance, or scholarly pursuits. Nor shall the electronic communications systems be used to commit fraud or misrepresentation, to libel or slander anyone, or to facilitate any unauthorized copying or transmission of copyright protected materials.

In addition, employees should not attempt to disrupt electronic communications, to violate computer system security, or to gain access to another employee’s personal electronic files or e‐mail messages without the latter’s expressed permission. System administrators perform periodic security and maintenance checks of the university electronic communications systems, facilities, and other computing resources that may include random examination of individual files or messages.

As a matter of routine system maintenance, the university may store electronic communications on magnetic media for a period of time after the communication is created. With reasonable cause or whenever there is a business need to do so, university management reserves the right to inspect and examine any university owned or operated communications system, electronic resource, and/or files or information contained therein without prior notice. No inspection or examination of files or information contained therein will be conducted in violation of applicable medical or psychological confidentiality statutes.

The contents of any electronic resource, message, and/or files or information which has been inspected under this policy will not be used or disseminated more widely than is necessary.

Violation of any portion of this electronic communications policy may result in disciplinary action. In cases of willful, flagrant, or repeated violation of this policy, the disciplinary action may include termination.

bet365 apps

Email Policy

 

A bet365 apps assigned student email account is an official means of communication between all students and the university. Students are responsible for all information sent to them via their university assigned email account. Students who choose to forward mail from their university email accounts are responsible for ensuring that all information, including attachments, is transmitted in their entirety to the preferred account. Unawareness of officially sent email will not be accepted as a reason for failure to respond to or comply with any information contained within the message.

Students are expected to check email on a frequent and regular basis in order to stay current with university‐related communications, recognizing that certain communications may be time‐critical. It is recommended that email be checked at a minimum daily. Email quotas are enforced and therefore regular email management is required to minimize the possibility of delivery failures caused by these errors.

Undeliverable messages caused by a full inbox or use of a filter will be considered delivered without further action required on the part of the university. The student will be held responsible for the information contained within these messages.

bet365 apps

Information Security Policy

 

Purpose

bet365 apps has created the following Information Security Policy in order to protect the confidentiality, integrity, and availability of university data as well as protect any information systems that store, process or transmit any university data. bet365 apps finds it critical to protect all university information from accidental, malicious, or unauthorized disclosure, misuse, modification, destruction, loss, and/or damage.

Scope

This policy applies to anyone who is authorized to access university data which includes but is not limited to: faculty, staff, and third-party agents of the university. Implementation of information security controls and defense-in-depth strategy allows the Information Security Team to identify and monitor security risks and create a stronger security environment for the university. These controls and strategies are to be reviewed and updated against industry best practices such as ISO and NIST.

Maintenance

This policy is reviewed by the bet365 apps Information Security Office annually and on-going IT security risk assessments are conducted regularly. All results and identified mitigation plans are shared with the board members via the audit committee.

Policy

bet365 apps recognizes that in many instances it must collect, store, and use sensitive information relating to its students, employees, and individuals associated with the university. The Information Security Team is dedicated to collecting, handling, storing, and using this sensitive information properly and securely. Throughout its lifecycle, all university data shall be protected in a manner that is considered reasonable and appropriate.

RWU Information Security Governance

bet365 apps requires that all users of the university computing infrastructure, devices, or data comply with all applicable laws, regulations, statutes, and university policies relating to information security and information technology. The university must be prepared to respond fairly and appropriately (1) to violations of law, regulation, or university policy relating to information security, (2) when questionable or unacceptable computing practices occur, or (3) where there is non-compliance with information security policy requirements or with reasonable requests for action or cooperation necessary to implement the university's information security policies. Lack of compliance will result in sanctions or other appropriate action.

 

Standard Number: ISP.V1

Category: Cyber Security Policy

Owner: Information Technology

Effective: TBD

Revision History: 8/18/2021 Security Advisory Group

Review Date: 12/19/2024

Roger William’s University

PCI Compliance Policy

 

Purpose

This policy is designed to protect cardholder information of students, parents, donors, alumni, customers, and any individual or entity that utilizes a credit card to transact business with the university. This policy is intended to be used in conjunction with the complete Payment Card Industry Data Security Standard (“PCI-DSS”) requirements as established by the PCI Security Standards Council (“PCI SSC”).  Without adherence to the PCI-DSS standards, the university would be in a position of unnecessary reputational risk and financial liability.

The PCI-DSS, is a worldwide security standard assembled by the PCI SSC.  The PCI-DSS includes technical and operational requirements for security management, policies, procedures, network architecture, software design and other critical protective measures to prevent credit card fraud, hacking, and various other security vulnerabilities and threats.   The standards apply to all organizations that store, process, or transmit cardholder data.

Scope of Policy

This policy applies to all university departments that collect, maintain, or have access to credit card information as well as third party vendors that process and store credit card information for the university using the university’s merchant accounts.

All persons who have access to credit card information, including:

  • Every employee that accesses, handles, or maintains credit card information.
  • Employees who contract with third party vendors who process credit card payments on behalf of the university.
  • IT staff responsible for scanning the university systems to ensure that no credit card numbers are stored electronically.

Policy

The university requires compliance with PCI standards.  To achieve compliance, the following requirements must be met by departments accepting credit cards to process payments on behalf of the university.

General Requirements

  • Credit card merchant accounts must be approved by the Vice President of Accounting and Treasury Management.
  • All employees who have access to credit card information must be familiar with and adhere to this policy.
  • The Vice President for Accounting & Treasury Management and Chief Information Officer will complete an annual self-assessment questionnaire and attestation of compliance following the PCI-DDS requirements.

Storage and Disposal

  • Credit card information must not be entered/stored on university network servers, workstations, laptops, smartphones, or other electronic devices.
  • Credit card information must not be transmitted via email.
  • Web payments must be processed using a PCI-compliant service provider approved by the Vice President for Accounting and Treasury Management. Credit card numbers must NOT be entered into a web page of a server hosted on the RWU network.
  • Although electronic storage of credit card data is prohibited by this policy, the university will perform a quarterly network scan to ensure that the policy has not been violated.
  • Any paper documents containing credit card information should be limited to only information required to transact business, only those individuals who have a business need to have access, should be in a secure location, and must be destroyed via approved methods once business needs no longer require retention.
  • All credit card processing machines must be programmed to print out only the last four or first six characters of a credit card number.
  • Securely dispose of sensitive cardholder data when no longer needed for reconciliation, business, or legal purposes. In no instance shall this exceed 45 days and should be limited whenever possible to only 3 business days. Secured destruction must be via shredding either in-house or with a third-party provider with certificate of disposal.
  • Neither the full contents of any track for the magnetic strip nor the three-digit card validation code may be stored in a database, log file, or point of sale product.

Third Party Vendors (Processors, Software Providers, Payment Gateways, or Other Service Providers

  • The VP for Accounting and Treasury Management must approve each merchant bank or processing contact of any third-party vendor that is engaged in, or propose to engage in, the processing or storage of transaction data on behalf of RWU—regardless of the manner or duration of such activities.
  • Ensure that all third-party vendors adhere to all rules and regulations governing cardholder information security using such methods as obtaining an annual PCI report attesting to PCI scan compliance and an Independent Auditors report on Statements on Standards for Attestation Examinations (“SSAE 16”).
  • Contractually require that all third parties involved in credit card transactions meet all PCI security standards, and that they provide proof of compliance and efforts at maintaining ongoing compliance.

Further Guidance

Questions: The university recognizes that this policy will not address all circumstances. Specific questions not answered by this Policy should be addressed to:

Gloria Arcia, VP for Accounting and Treasury Management

  • Office: Admin 201
  • Phone: 401-254-3843

Daryl Ford, Chief Information Officer

  • Office: Law School
  • Phone: 401-254-3148

Standard Number: IT.PCI.V1

Category: Payment Card Security

Owner: Information Technology

Effective: TBD

Revision History: 8/18/2021 Security Advisory Group

Review Date: 12/19/2024

( X ) Applies to University, Including Law School

( ) Applies to University, Except Law School

Policy No. PCI2019

bet365 apps

Records Management Policy

 

Statement of Policy

bet365 apps (RWU) requires that university records, in all formats, be efficiently managed, retained and destroyed in compliance with academic, administrative, business, and historical needs, as well as legal requirements and to optimize the use of space.

Applicability of Policy

This records management policy applies to each office, department, or unit that has or may have the possibility of creating a record. The following is a list of offices, departments, and units of the university that have the possibility of creating records; however, the list is not intended to be inclusive, but rather illustrative of the entities that have that possibility.

Board of Trustees 

President

Provost

Executive & Sr. Vice Presidents

All Vice Presidents

Chief of Staff

Academic Deans

Faculty Senate

Professor

Academic Advisement

Registrar

Human Resources

Sponsored Programs

Library

Learning Center

Enrollment Management

Law School

Financial Aid

Dean of Students

Student Conduct

Student Housing

Health Services

Athletics

Counseling

Camps & Conferences

Accounting

Treasury Management

Purchasing

Payroll

Accounts Payable & Receivable

Facilities Management

Bursar

Information Technology

Cashier

General Counsel

Risk Management 

University Advancement

Alumni Relations 

Public Relations

Institutional Research

Public Safety

Lock Shop

Environmental Health & Safety

 

Definitions of Terms and General Description of Responsibilities

Document: A “document” is any piece of information, in any form, produced or received by RWU. It shall include written material such as letters, memoranda and reports; databases; websites; e­‐mail communications; word and excel files; scanned images and photographs.

A document may be important to an operation of the university (such as an official transcript, letter of acceptance or appointment, approval of academic program, contract or e­‐mail confirmation of an agreement, building plan, budget document, policy statement or Board resolution) or may not be important to the operation (such as an invitation to lunch, scheduling or confirmation of a routine meeting, a post­‐it note or message to call home.)

A document that is important to the operation of the university, when finalized, would become a record and would be governed by this records management policy.

Record: A “record” is a document that is regarded as complete, final, and unchangeable, except in controlled circumstances, and is considered important to the operation of the university. Thus, normally a draft of a document or file notes would not be considered a record.

Tangible Record: Tangible records are those records that are in a format that may be handled and read by an individual and are often referred to as “hard copies.” Historically, university records have been in tangible format; however, the university is expanding its use of electronic records. Tangible records that have been scanned shall be considered electronic records. Tangible records shall be retained, managed, and destroyed in accordance with the Records Retention Schedule (attached).

Electronic Record: RWU has been expanding its use of a non-­tangible “paperless” record format. Such records include but are not limited to word-­processor documents, spreadsheets, databases, HTML documents, scanned or imaged documents, and any other type of file warehoused online via a hosted storage vendor, on a mainframe, on a computer hard drive or any external storage medium.  The same retention standards that apply to tangible university records also apply to electronic records, and the retention periods outlined in the Record Retention Schedule (attached) apply equally to university records in all formats.

Active Record: An active record, whether a tangible record or electronic record, is a university record currently used by a particular office, department, or other area of the university that generated or received it. An active record shall be retained in an active file by the originating office for a particular purpose and for a limited period of time. After the record is no longer actively needed by a particular office, department, or other area of the university that generated or received it, the record will be entirely destroyed or purged of certain documents and material consistent in compliance with the record retention schedule (attached), or if the record is deemed to be an inactive, permanent, or archival record (as hereinafter defined), the record shall be transferred to the appropriate file within the office.

Inactive Record/University Records Repository: An inactive record, whether a tangible record or electronic record, is a record that is required to be preserved for a period of time in accordance with the record retention schedule (attached), but which is no longer currently used by a particular office, department or other area of the university that generated or received it. As stated above, at such time as the record is no longer needed for use by a particular office, department, or other unit of the university that generated or received it, the record shall be either destroyed or purged of certain documents, if within the timeframe set forth in the records retention schedule, or maintained in the inactive records file storage in the generating or receiving office. If during the course of time, the inactive record becomes a permanent or archival record, the inactive record shall be transferred to the appropriate permanent or archival file within the office.

Permanent Record/University Records Repository: A permanent record, whether a tangible record or electronic record, is a record that is required to be preserved permanently in accordance with the records retention schedule (attached), but which is no longer used by a particular office, department, or other unit of the university that generated or received it. The generating or receiving office shall hold the permanent record in a permanent records file maintained within the generating or receiving office. Permanent records shall be preserved in the format in which they are generated or received, except in the case of tangible records, which may be converted to and stored as electronic records.

Archival Record/University Archivist: An archival record, whether a tangible record or electronic record, is a university record that has historic significance to RWU and shall be retained in the office or department in which it originated or received or sent to the university archivist located in the university library who shall preserve and retain the record in an archival file accessible only through the university archivist. If the record is sent to the university archivist, the office sending the record shall retain a copy of the record so transmitted.

Confidential Information/Right of Privacy

Many records subject to this records management policy contain personal confidential information, including but not limited to name, address, social security number, bank account information, financial or financial aid information, student identification number, medical information and employment information. Such records are protected by federal and state statutes including the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act (HIPAA), the Gramm-­‐Leach-­‐Bliley Act (GLBA) Information Security Program and Rhode Island Right to Privacy laws. Any such records shall be held confidential in accordance with legal requirements, and destruction of such records shall be undertaken securely and under careful supervision so as to eliminate the possibility of inadvertent release or publication of confidential or private information.

Other records contain information that, if revealed or disclosed, would cause serious harm to the business of the university or an office, department, or other area of the university. Such records, which may in addition be proprietary or privileged, should be identified as “Confidential” and theconfidentiality of such records shall be maintained. The destruction of such records shall be undertaken securely and under careful supervision so as to eliminate the possibility of inadvertent release of publication of such information.

Administration of the Records Retention Policy

Administration of Records Retention Policy /Reports to University General Counsel.

Each office or department is responsible for the administration of this records retention policy, and any questions regarding the application of this policy shall be submitted to the university general counsel.

Management of Records within an Office

The office, department or other area of the university that generated or received a record shall be the repository of active, inactive, permanent and archival records. The head of the office, department, or area that generated or received the record shall be responsible for receiving, managing, and destroying active records under this records retention policy; however, at such time as the records are no longer active records, and have not previously been destroyed in accordance with this policy, the records shall be removed to the appropriate inactive, permanent, or archival file (as defined herein) maintained by the office.

The department head shall be responsible for providing appropriate access to records, limiting access only to those who have job-­related responsibility with respect to material contained in the record. If a department head denies access to a person who believes that she or he has a job‐related responsibility with respect to material contained in a record, an appeal to the office of general counsel may be taken in a writing that sets forth in detail the record requested and the reason why access is needed. The decision of the office of general counsel shall be final with regard to the issue of access to the record.

Separate Files for Records

Each office, department, or unit that creates a record shall establish a file or files for holding university records, in which files shall be separate from other files. A standard file shall be for tangible records and a computer file for electronic records. At such time as a document becomes a record (see definitions above), that document shall be transferred to the records file, although a copy may be retained elsewhere for as long a period of time as that record is needed in the office. If at any time an inactive, permanent, or archival record is needed by the office, department, or unit that created it, that record may be retrieved from the appropriate file in replaced in the active records file.

Records Retention Committee

The president of the university, after consultation with the president’s cabinet, shall

appoint a committee of five (5) RWU non-­aligned employees to advise the president, through the president’s chief of staff, from time-­to‐time, as requested by the president, and to annually review this records management policy and schedule and to suggest modifications as deemed appropriate and to ensure compliance. Appointments to the committee shall be for terms of from one (1) to three (3) years to allow for committee continuity. The president shall appoint one committee member to serve as chair of the committee. An attorney with the office of general counsel shall attend any and all meetings of the committee.

Legal Advice and Counsel

In the event the office manager or department head is uncertain as to whether a particular record should be retained or destroyed, they shall address the issue to the office of the general counsel for a decision based on appropriate law, rule, or regulation or university policy.

Upon the direction of the office of general counsel, retention periods may be increased for reasons relating to pending or possible litigation or audit requirements, or for any other reason.

Manner of Record Destruction

In the event it is determined that a particular record should be destroyed, the record should be destroyed in one of the following ways:

  • Tangible records should be shredded so that confidential and/or personal information cannot practicably be read or reconstituted; or
  • Electronic records and other non-­tangible media shall be destroyed or erased so that confidential and/or personal information cannot practicably be read or reconstructed. The office manager or department head shall contact the office of information technology to ensure that electronic records are destroyed appropriately.

Convenience Copies

There is no need for employees, offices, departments, and other areas of the university that did not generate or receive a particular record to retain copies of university records beyond the time they are useful in conducting university business. Duplicate or multiple copies of university records (“convenience copies”) should be destroyed (using secure destruction methods if they contain confidential or personal information) when the records are no longer useful, but in no event later than the retention duration noted in the records management schedule.

Records, Including Computer Records, Belong to the University

All records, including but not limited to records maintained on university-­owned computers assigned to university employees, belong to the university and are subject to the within records management policy. Such records shall not be removed from the control of the university.

University records shall not be created, stored, or retained in an employee’s personal facility or computer.

Upon Termination of Employment

At such time as an employee leaves their position at the university, they shall not remove or delete any record or document from the university, including but not limited to any record or document contained in university‐owned computer(s) assigned to them while employed at the university. The computer(s) soassigned shall, on or before the last day of the employee’s service to the university, be delivered to the office of information technology, in which office shall be responsible for insuring that records contained in the computer shall be retained or destroyed in accordance with the provisions of this records management policy. Tangible records shall remain in the office in which the employee worked while at the university.

Records Retention Schedule

The following list contains the length of time that specific records shall be managed and retained, then, if not permanent or archival records, destroyed. The list is not exhaustive; and questions regarding the retention period for any specific record or class of records should be addressed to the university records administrator, who in appropriate cases, shall seek the legal advice of the office of general counsel.

bet365 apps

Google Account Policy

 

Objective

This policy applies to faculty, staff, students, and alumni assigned an RWU Google account (which includes Gmail, Google Drive, and other Google-related services).

For students, the Google account will serve as their official RWU email address for university related communication matters.

Acceptable Use

RWU Google accounts can be used for personal use, so long as such use does not unnecessarily burden the university, is not used for illegal purposes, or is not otherwise prohibited by university policy. This RWU Google account, including email messages and other stored data, is the user’s property. It is the responsibility of this account owner, not IT, to back up messages and account data. Email quotas are enforced. Therefore, regular email management is required by the account owner to minimize the possibility of delivery failures. Undeliverable messages caused by a full inbox or use of a filter will be considered delivered without further action required on the part of the university or the sending party.

Account Suspension and Removal

RWU Google accounts that do not retain active status with the university will follow the below guidelines:

  • Students graduating will retain access to their issued RWU Google account. However, alumni storage quota will be reduced to 1GB of space six months after graduating.
  • Alumni can retain their RWU Google account if they actively use it and adhere to the Google storage policy. Accounts not logged into for six months or found in violation of the Google storage policy will be permanently removed.
  • Accepted students that issue a registration deposit but later opt out of attending the university will have their RWU Google account permanently removed.
  • Students who are administratively withdrawn from the university will retain access to their RWU Google account for one academic term after their last registration period ends. The account will be permanently removed after the allotted time.
  • Students that transfer or withdraw will have their RWU Google accounts permanently removed upon official notice of the transfer or withdrawal.
  • Faculty and staff no longer employed by the university will have their RWU Google accounts permanently removed upon official departure notice issued by Human Resources.

RWU Google Account Storage Quotas

Alumni: 1GB

Clubs & Organizations: 10GB

Faculty & Staff: 10 GB

Students: 10 GB

 

APPROVED BY: RWU-IT Management

Standard Number: IT.GEMP.V2

Category: IT Student Email Accounts

Effective: March 8, 2023

Revision History: V1 4/25/2022

bet365 apps

Written Information Security Program

 

Objective

bet365 apps (“RWU”) has developed the following Written Information Security Program (the “Program”) to address the required regulations set to protect the personal information of all University personnel, including faculty, staff and students. Our University hosts individuals who not only reside in the State of Rhode Island but also nationally and internationally. This Program allows us to ensure that we are in compliance with all applicable laws and regulations that govern University personnel.

The Program’s goals are to set forth effective administrative, technical, and physical safeguards for personal information, to provide an outline to assure the ongoing compliance with the regulations, to protect personal information from unauthorized access, use, modification, destruction or disclosure, and to position RWU to comply with future privacy and safety regulations as such may develop.

Personal information for purposes of this Program shall mean: the first name and last name or first initial and last name of an individual in combination with any one or more of the following data elements that relate to such individual: (a) Social Security number; (b) driver’s license number, state-issue identification card number or tribal identification number; or (c) financial account number, credit card number, or debit card number with or without any required security code, access code, personal identification number or password, that would permit access to an individual’s financial account, or deposit or savings account numbers; (d) medical or health insurance information; and/or (e) a username or email address in combination with security code, access code, or password, or security question and answer that would permit access to an online account; provided however, that “personal information” shall not include information that is lawfully obtained from publicly available information, or from federal, state, or local government records lawfully made available to the general public.

The safeguards set forth in this Program are meant to protect the security and confidentiality of personal information, and to protect against any anticipated threats or hazards to the security or integrity of personal information.

Information Security

In order to further comply with applicable regulations, we have appointed a Chief Security Officer who will be responsible for the following:

  • Implementing the Information Security Policy.
  • Training employees who have exposure to personal information through their work at RWU on the various aspects of the Program, at least annually.
  • Obtaining certification of attendance to and understanding of such training by the employees.
  • Conducting regular testing and evaluation of the Program’s safeguards.
  • Verifying the ability of third-party recipients of personal information to comply with the regulations.
  • Reviewing the Program, its scope and its effectiveness at least annually or at such time as a material change in business practice occurs that implicates the security of personal information and upgrading information safeguards as necessary to limit risk.

Risk Assessment

The Chief Security Officer will conduct a risk assessment.  The initial risk assessment will seek to reveal the following potential and actual risks to the security and privacy of personal information:

  • Unauthorized access of personal information by an employee not entitled to the information.
  • Compromised system security as a result of unauthorized access by a third party.
  • Interception of personal information during transmission.
  • Unauthorized access to paper files containing personal information.
  • Unauthorized access to personal information through mobile personal devices.

The Chief Security Officer will discuss findings and recommendations resulting from the periodic reviews with relevant RWU personnel.

The Chief Security Officer will evaluate RWU’s security practices to determine where improvement is necessary to limit risks, including, but not limited to, ongoing employee training, employee compliance with security policies and procedures, means for detecting and preventing security system failures, and the upgrade of safeguards, if necessary, to limit risks.

Safeguards

In an effort to address the internal and external risks revealed during the risk assessment, RWU has implemented the following policies and procedures:

General Safeguards: RWU will limit the amount of personal information collected to that necessary to achieve legitimate business goals and to comply with state and federal laws and regulations.  RWU will limit access to personal information to those people with a need to know to accomplish legitimate business goals and to comply with state and federal laws and regulations. RWU will monitor its security systems for breaches of security.

Upon the occurrence of an incident requiring notification under state law, the Chief Security Officer will assemble the Incident Response Team and the Incident Response Procedure will be followed. Mandatory post-incident review by RWU following any actual or suspected breach of security, and documentation of the actions RWU takes in response to such breach, including any changes RWU makes to its business practices relating to the safeguarding of personal information will be conducted and documented.

RWU will restrict visitor access where personal information is stored. Visitors will be prohibited from visiting unescorted any area within RWU’s premises that contains personal information.

Employee Safeguards: RWU will post a copy of the Program in areas in which it will generally be seen by employees. Each employee will:

  • Promptly or upon the commencement of hiring, as the case may be, and once a year thereafter, participate in employee training about the Program and upon successful completion of the training, certify to attending training and understanding the terms of the Program and the importance of protecting personal information.
  • Have access to, and follow, privacy and security policies
  • Report any suspicious or confirmed unauthorized access, use or disclosure of personal information.
  • Comply with the Program at all times.
  • Be subject to disciplinary action for violation of this Program.

Employee training will, among other things, address issues relating to:

  • Proper access, use, and disclosure of personal information.
  • Proper disposal of personal information.
  • Proper safeguards for maintaining, transmitting, and storing personal information.
  • Logging-off computers.
  • Locking files and doors.
  • Limiting access to offices.
  • Properly handling and protecting mobile devices and removable media.
  • Password management.

Employees will be prohibited from storing, accessing or transporting personal information outside the premises of the business, unless in accordance with RWU policies.

Access to personal information by terminated employees will be revoked as soon as possible following termination, and terminated employees will be required to return all personal information in their possession; moreover, all passwords to computer systems will be promptly disabled, all access to electronic files, physical files, email, voicemail, and internet access will be promptly blocked, all keys will be surrendered and all forms of identification that permit access to RWU’s premises or information will be returned.  Terminated employees will be required to execute an agreement whereby they agree to honor all obligations with respect to maintaining the confidentiality of personal information handled during the course of their employment, to the extent not already contractually bound to do so. The University does require certain non-union professional and managerial employees to enter a confidentiality agreement upon hire, the conditions of which survive post-separation.

Non-Electronic File Safeguards: All tangible files containing personal information will be in a locked room or cabinet or stored securely offsite. Each department will control the distribution of their keys and will keep track of the number of keys issued.  RWU will limit access to offsite storage facilities containing personal information to those employees with a need to access the files, and RWU will periodically request an access log to monitor who is accessing such files.  When sending personal information via carrier, RWU will use overnight carriers with tracking and, if sending electronic information, encrypt the information to the extent technically feasible.

Electronic File Safeguards: Access to all electronic files maintained on RWU’s servers or RWU’s hardware that contain personal information will be limited to those employees with a need to know.

Moreover, RWU has set forth the following protocols to further protect personal information in electronic form.  RWU will, to the extent technically feasible:

  • Secure the services of a contract consultant to annually run intrusion testing.
  • Install firewall protection and operating system patches on all computers with personal information.
  • Install up-to-date versions of security agency software.
  • Encrypt personal information that is transmitted across public networks.
  • Encrypt all personal information stored on a laptop or other mobile or removable device.
  • Limit access to the computer system using complex logins and alphanumeric passwords that require changing every 90 days and require passwords and limited access to e-files containing personal information.
  • Require re-logging after passage of inactive time.
  • Prohibit posting or sharing of passwords by employees.
  • Lock users out after (6) failed log-in attempts.
  • Check websites and software vendor websites for alerts about new problems and implement such vendor approved patches as soon as practical.
  • Maintain control of user IDs and other identifiers.
  • Maintain passwords in a location and/or format that does not compromise the security of the data the password protects.
  • Prohibit the continued use of default passwords by employees (i.e. force employees to change passwords).
  • Maintain a reasonably secure method of assigning and selecting passwords or the user of unique identifier technologies such as biometrics or security tokens.
  • Terminate any access to personal information by terminated employees.
  • Use secure computer and Internet user authentication protocols (i.e. control of user identifications and other identifiers).
  • Divisional units are responsible for safeguarding paper files.

Third-Party Vendors: When using third-party vendors for services that necessitate the sharing of personal information, RWU will:

  • Request, when possible, the right to audit the policies and procedures of third-party vendors used to comply with the Regulations.
  • Obtain a copy of the third-party vendor’s written information security program designed to comply with the regulations.
  • Contractually require implementation and maintenance of privacy and security measures and a Written Information Security Program by the third-party vendor.

Disposal

RWU has implemented a record retention policy and schedule. When disposing of files containing personal information, RWU will follow its policy and schedule, which will include:

  • Shredding all hard copies of files containing personal information when such information is no longer required or needed to be maintained by RWU.
  • Destroying all electronic files containing personal information when such information is no longer required or needed to be maintained by RWU, including the destruction of residual electronic data on computers and other electronic devices.

bet365 apps

Service Level Agreement

 

Purpose

The information technology service level agreement (SLA) determines the service expectations between the information technology (IT) department and the bet365 apps community (current students, faculty, and staff). Its purpose is to assure the quality delivery of IT services while following information security protocols, technology policies, and being good stewards of university resources.

Scope

This agreement outlines specific services, priorities, and responsibilities associated with technology support at bet365 apps. The SLA is designed to represent a service agreement between the RWU community and the IT department, specifically, those services that are supported by the IT department. Technology support services are provided primarily through the MediaTech desk. The unit is committed to providing reliable, effective, and expedient service to the campus community.

Retired faculty and staff, alumni and external affiliates are not part of this SLA.

Services

For a full list of current services, please visit the MediaTech portal at , along with the RWU IT website at: .

Hours of Operation

Normal business hours: Monday – Friday, 8:00am to 5:00pm

IT department response times are based on the department’s normal business hours. However, please note that the MediaTech desk is available for extended hours during peak times. See the IT website for specific hours.

Requesting Services

  • Internet: 
  • Email: Please send a detailed description of your request/problem to mediatech@rwu.edu with current contact information.
  • Phone: 401.254.6363.
  • Walk-In: The MediaTech desk is located on the first floor of the Bristol campus main library.
  • Voicemail: Call 401.254.6363 or x6363 from a campus phone and leave a detailed description of your request/problem with current contact information.

Information Technology Department Service Priority Levels and Response Times

Service Priority Levels

The MediaTech desk is committed to making every effort to resolve issues at the time of the service request. If an issue cannot be resolved at the time of request, it will be given a priority level. Requests will be handled according to the priority assigned to them by the MediaTech desk.

Response Times

Response time commitments are meant to note the maximum time interval in which the customer will be contacted by the IT technician. It is not meant to be an indicator of the problem resolution timeframe. Resolution times will vary based on problem specifics.

Exceptions

  • The IT department will send out university-wide email communications when there is a planned or unplanned system outage. Service requests received after announcements are sent may not be responded to until the outage is over.
  • Due to the volume of calls during the opening two weeks of school, during exam periods, and other peak volume times, response times may be longer than normal. MediaTech staff will inform requestors if any of these exceptions are in effect.

Below is a list that describes the service priority levels, priority description, example, and associated IT response times:

Emergency: 

Significant disruption to a large number of users and/or an incident that impacts the immediate delivery of instruction, life-safety, or critical business transactions.

Examples:

  • Network outage in an entire building
  • Colleague is down
  • Projector failure in lecture hall during class

IT Response Time: 30 Minutes or Less

High:

Significant disruption to an individual or group of individuals that completely impacts the users’ ability to do work.

Examples:

  • User cannot log in to email
  • Computer lab printer failure

IT Response Time: 4 Hours

Normal:

An incident that partially impacts the user’s ability to do work. Workaround may be available.

Examples:

  • Local printer won’t print, but the department’s network printer is available
  • Non-critical software issue

IT Response Time: 6 Hours

Low:

Work is not affected.

Examples:

  • Cable TV problem
  • Request for wire management in an office

IT Response Time: 10 Hours

Customer Responsibilities

In order to expedite and facilitate the technology support process, RWU community members are requested to:

  • Provide detailed information about service requests and current contact information.
  • Make every effort to be available to communicate with an IT technician if necessary. Support requests will be closed after 2 failed attempts or multiple attempts within a 2-week period to contact the customer.
  • Read the IT Policies at 
  • Provide consent for an IT technician to access your computing device remotely or in person in your absence if necessary.
  • Notify the MediaTech desk at least 48 hours in advance of any pre-scheduled service needs (i.e. office moves)
  • Check the IT website for current information and self-help assistance at 

 

SLA Review

The IT SLA will be reviewed on an annual basis. It may be amended based on need or service level adjustments.

Approvals

The IT department’s senior leadership and the Chief Information Officer approve the SLA. The SLA will be published on the IT website.

Updated 1/9/2025

bet365 apps

VPN Remote Access Policy

 

Purpose

A remote access Virtual Private Network (VPN) service is needed to access computing resources hosted at bet365 apps (RWU) while working remotely. The purpose of this VPN policy is to provide guidelines to access IT services hosted at RWU. This policy is based on security best practices to ensure the confidentiality, integrity, and availability of RWU digital assets.

Scope & Guidelines

This policy applies to all RWU faculty, staff, and 3rd party contractors that require remote access to RWU’s private network infrastructure.

  • Only established RWU.EDU faculty, staff, and administrative accounts are allowed.
  • Temporary, shared, and student accounts are not permitted.
  • Vendor (AKA 3rd Party) accounts may have remote access under special approval: vendor accounts must have an RWU employee/department sponsor. The RWU sponsor bears responsibility for the vendor account. If the vendor account does not exist, the department sponsor must submit a .
  • BYOD (bring your own device) is permitted remote access under special approval and conditions disclosed in RWU’s BYOD Policy. By using VPN technology with personal equipment, users must understand that their devices are a de facto extension of RWU’s private network and, as such, are subject to security rules and regulations that apply to RWU-issued devices.

Policy

  • VPN access is managed by the RWU-IT department, including DNS filtering and log monitoring.
  • All devices with remote VPN access are subject to RWU’s Acceptable Use Policy.
  • Remote devices may use only VPN client software issued by RWU-IT.
  • VPN sessions require multi-factor authentication (MFA).
  • VPN access is terminated immediately after network sessions ends.
  • Data security: remotely processing sensitive and restricted data elements must comply with RWU’s Data Storage Policy.

Procedures, Requirements, and Responsibilities

  • RWU-IT is responsible for implementing and maintaining the university's remote access services.
  • Requests for remote access are initiated using the .
  • Unauthorized users are not allowed access to the device equipped with remote VPN access.
  • Redistribution of the RWU remote access VPN software is prohibited.
  • Once connected to RWU’s VPN, all routable network traffic will travel across the VPN tunnel.
  • RWU does not provide remote internet access. Users are responsible for the procurement and cost of acquiring basic broadband internet connectivity.
  • Technical support is provided by MediaTech during normal business hours (M-F 8:00 AM – 5:00 PM) 401.254.6363 mediatech@rwu.edu.

Restrictions and Enforcement

  • VPN services are used solely for RWU business purposes.
  • VPN access will be suspended following any suspicious network activity or alerts.
  • Intentional violations of the remote access policy are subject to the loss of VPN privileges.

 

APPROVED BY” RWU-IT, 6/20/2023

Standard Number: IT.VPN.V2

Category: Remote Access

Owner: Information Technology

Effective: 6/20/2023

Revision History: 5/30/2023 Information Security Officer

Review Date: 6/20/2023

bet365 apps

Wireless Airspace Policy

 

bet365 apps has implemented wireless networking services on the university campus to promote the convenience of mobile network connectivity. This service allows members of the university community to access the campus‐wide network from laptops and personal digital assistants. Accidental or intentional disruption of a wireless network will deprive others of access to important university resources. To provide this service, the radio frequency airspace of the university serves as the transport medium for this technology. Wireless networks operate on the campus shared and finite airspace spectrum.

Current wireless ethernet is based upon products that use the Federal Communications Commission radio frequency bands of 2.4 GHz and 5GHz. Wireless transmissions within these bands conform to the IEEE 802.11b DSSS (Direct Sequence Spread Spectrum) and IEEE 802.11a, IEEE 802.11b, IEEE 802.11g and IEEE 802.11n wireless LAN specifications. Other wireless products also exist in the marketplace that use these same 2.4 GHz and 5GHz frequency bands but do not conform to these standards. Such products can cause interference to wireless service and can prevent university users from obtaining or maintaining network connectivity. These devices include, but are not limited to, other IEEE wireless LAN devices, bluetooth products, cordless telephones, wireless video cameras, microwave ovens, and wireless audio speakers. Certain wireless LAN products are also more susceptible to unauthorized access due to encryption and security flaws. Therefore, the Office of Information Technology (OIT) will regulate and manage this airspace to ensure its fair and efficient allocation and to prevent collision, interference, unauthorized intrusion and failure. In addition, central management will facilitate the adoption of new features.

Persons using wireless devices to connect to the university network must be aware of this and comply with the policies outlined herein.

OIT will approach the shared use of the wireless radio frequencies in the same way that it manages the shared use of the wired network. All provisions of the university policies regarding computing, including the RWU Appropriate Use Policy, apply equally to both wired and wireless networking. Specific issues pertaining to wireless network devices are outlined below:

  • Only access points provided and installed by OIT or approved by OIT are permitted on the university network or the campus. A consultation with OIT is available to assist with questions. Should an unauthorized access point be found, the OIT has the option of confiscating the access point or requiring it to be removed. Any person found responsible for the installation of un‐authorized access points can be reported to the Office of Human Resources (in the case of employees) or the Office of Judicial Affairs and Community Standards (in the case of a student).
  • All access points shall be installed and configured in such a way as to comply with all security features of the wireless network, including restrictions to provide connections only to those users who are entitled to access as members of the university community.
  • No access points shall be installed on the administrative segments of the network. There shall be NO exceptions.
  • The university reserves the right to disconnect and remove any access point not installed and configured by OIT personnel or specifically covered by prior written agreement and/or arrangement with OIT. In cases where the device is being used for specific teaching or research applications, OIT will work with faculty to determine how the wireless devices may be used while maintaining required security and without causing interference.
  • Other devices such as portable phones, and wireless devices using bluetooth that broadcast and receive information on the same frequency as wireless Ethernet devices may not be allowed on the network, due to the possibility of interference. If reports of disruptions caused by such devices occur, the circumstances will be investigated and could result in removal of the device, with the determination to be made by OIT.

Only users affiliated with bet365 apps are authorized to use wireless networking on campus. To help protect these affiliated users from unauthorized access to their computer resources, OIT may implement data encryption and authentication security measures that must be followed by all users. These measures require the use of specific wireless LAN product types and are designed to meet emerging wireless encryption and security standards. These measures may include other authentication mechanisms including login, etc.

bet365 apps

Zoom Recording Storage Policy

 

Purpose

This policy pertains to the lifespan of recordings saved to the Zoom cloud.

Scope

This policy addresses all staff, faculty, students, and administration across all RWU campuses, who have university Zoom accounts.

Policy

Zoom storage is not intended as a permanent or long-term storage solution for meeting and webinar recordings.

Storage capacity in Zoom cloud storage is limited. To meet the ongoing needs of the university community, Zoom cloud recordings will be automatically deleted 18 months after being recorded.

Videos can be saved to your computer. Or, if you have an account in Panopto, your Zoom cloud recordings are automatically brought over into Panopto. If you chose to use Panopto for your cloud recordings, please be aware that Panopto also has a retention policy.

As with the Panopto policy, instructional materials are the intellectual property of the instructor, video backups are also the responsibility of the instructor.

 

APPROVED BY: RWU-IT, 5/15/2023

Standard Number: IT.CRP.V1

Category:

Effective: 5/15/2023